Friday, 17 February 2012

AVA Rootkit

If you are a TF2 weapon collector, chances are you've installed and played Alliance of Valiant Arms for the Black Rose. If you are one of these people, get rid of the game and nProtect GameGuard as soon as you're done with it.

nProtect is a rootkit, which means it installs much deeper in your OS than a standard program, making it much harder to remove. From the Wikipedia page, here's a quick description of exactly what nProtect does:
GameGuard hides the game application process, monitors the entire memory range, terminates applications defined by the game vendor and INCA Internet to be cheats (QIP for example), blocks certain calls to DirectX functions and Windows APIs, keylogs your keyboard input, and auto-updates itself to change as new threats surface.
GameGuard possesses a database on game hacks based on security references from more than 260 game clients. Some editions of GameGuard are now bundled with INCA Internet's Tachyon anti-virus/anti-spyware library, and others with nProtect KeyCrypt, an anti-keylogger software that protects the keyboard input information.
So basically, it's there as an anti-cheat. It apparently contains a keylogger and hogs a lot of system resources, but doesn't do anything explicitly malicious -- the problem is that it's a back door into your system for people who know how to crack it, meaning it's a potentially MAJOR security risk and could result in all your passwords being stolen.

No comments:

Post a Comment